Official Announcement By HTC Regarding Security Vulnerability

It is quite impressive what the power of a single individual can amount to these days. We have been in touch with HTC regarding this security issue (since the beginning), which we officially announced last Friday. We tried to tell them that something wasn’t right with the whole concept of apps mining for data and sending it to a cloud. Well, after last week’s proof of concept released by XDA Recognized Developer TrevE, HTC decided that it was time to let their engineering teams take action. The outcome? People from both HTC in Taiwan and in North America are scrambling to put out security patches to prevent these exploits from being used. According to HTC, they should be rolling out OTA updates once the patches have made it through their testing QA as well as through the carriers.

We are certainly happy that they finally decided to take this with the degree of severity it actually has. The exploit is rather dangerous as virtually every single bit of information in the device is at risk. As it is customary, HTC has put out an official statement where they are letting people know of what we have talked about so far.

It would just be fair to remind HTC that they should not rest after this one is over and done for various reasons. The first one is because there are other confirmed exploits that we will release soon, which they will have to pay attention to. The other is because they need to up their efforts in the QA department a bit. The key to success in this world is constant innovation, and you guys are doing a good job so far, but as stated, you need to do a bit better.

Our community is willing to work with you as you have already seen for the last few weeks. This is not a matter of simply pointing fingers or kicking the giant when its down, this is something that affects the vast majority of us at XDA and as such we just want to point out things so that you take action. There will be other times for us to bash you (like blogs across the web have done), but this is not one of them. This is a very serious issue and with everyone being on the same page working together to find a solution, everyone will benefit from the outcome.

HTC Public Statement:

HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers’ data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.

HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly. During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.

egzthunder1

egzthunder1 is an editor on XDA-Developers,
the largest community for Android users. I have been an active member of xda-developers since 2005 and have gone through various roles in my time here. I am Former Portal Administrator, and currently part of the administrator team while maintaining my writer status for the portal. In real life, I am a Chemical Engineer turned Realtor in the Miami area.
View egzthunder1's posts and articles here.

Join us in a fun Sunday Debate on Compromises. Come with your opinions and feel free to read some of our thoughts, then pick your side or play devil’s advocate to get your voice heard and engage in friendly discussion. You can read our food-for-thought or jump straight into the fray below! Getting an upgrade is a big deal to us power users: it’s our little Android Christmas, where after a long time (for plenty of us, at least)...

The Note 4 never had the fastest Recents Menu, and despite its 3GB of RAM, its app-holding capabilities only got worse on Lollipop. The infamous RAM bug that plagued the S6 is indeed an annoyance on the Note 4's 5.0.X ROMs. Rumors of an update to fix all of this were confirmed with the first reports of the 5.1.1 update for the Russian Note 4, which seemingly improved the Recents Menu and RAM management. But it'll be a long time...

Apps are at the front and center of any smartphone experience, and with over a million apps on the Google Play Store and new apps being submitted to our forums every day, staying up to date on the latest apps and games can be a hassle. At XDA we don’t discriminate apps - if it’s interesting, innovative, original or useful, we mention them. The XDA Portal Team loves apps too, and here are our top picks for this week. ...

Samsung Galaxy Note 3 (AT&T) [N900A]

OnePlus One (Unlocked)

HTC One M9 (Unlocked)

XDA Developers was founded by developers, for developers. It is now a valuable resource for people who want to make the most of their mobile devices, from customizing the look and feel to adding new functionality. Are you a developer?